CIS Logo
tagline: Confidence in the Connected World
Young woman working on a computer

Securing Kubernetes An objective, consensus-driven security guideline for the Kubernetes Server Software.

An objective, consensus-driven security guideline for the Kubernetes Server Software.

A step-by-step checklist to secure Kubernetes:

For Kubernetes 1.11 (CIS Kubernetes Benchmark version 1.3.0)

CIS has worked with the community since 2017 to publish a benchmark for Kubernetes

Join the Kubernetes community Arrow

Other CIS Benchmark versions:

For Kubernetes (CIS Kubernetes Benchmark version 1.2.0)

Complete CIS Benchmark Archive Arrow

Arrow CIS Covers Other Server Technologies

See the full list

Information Hub : Kubernetes

Discussion 08 Nov 2018

Benchmark recommenedation for the PodSecurityPolicy is that it 'MustRunAsNonRoot', but it is also recommended to set admission plugin SecurityContextDeny. Then how to change the user that the container runs as?

Join the Discussion Arrow

Ticket 08 Nov 2018

1.1.37 Impact statement doesn't look right

Join the Discussion Arrow

Ticket 08 Nov 2018

1.1.37 remediation is incomplete

Join the Discussion Arrow

Ticket 31 Oct 2018

The default etcd data directory permissions are 755 and not 700

Join the Discussion Arrow